Corvex Labs Contact Us

Legal

Privacy Policy

Last Updated: 10 April 2025 · Effective Date: 10 April 2025

1. Introduction

Corvex Labs ("we", "us", "our") is committed to handling personal data responsibly and transparently. This policy explains what personal data we collect, why we collect it, how we use it, and what rights you have in relation to that data. It applies to information collected through this website and through our engagement process.

This policy is prepared in accordance with the Personal Data Protection Act 2010 (PDPA 2010) of Malaysia.

If you have questions about this policy or about how we handle your data, contact us at: [email protected]

2. Data We Collect

Information you provide directly

  • Name and email address (via contact form or email correspondence)
  • Phone number (if provided voluntarily)
  • Organisation name and your role within it
  • Details of the enquiry or decision you describe to us

Information collected automatically

  • Browser type and operating system (via server logs)
  • IP address and approximate geographic location
  • Pages visited and time spent on the website
  • Referral source (how you arrived at the site)

Engagement-related data

If you proceed with an engagement, additional information may be shared — including organisational documents, vendor proposals, or system details. That information is governed by the separate data handling terms set out in the engagement agreement.

3. How We Use Your Data

  • To respond to your enquiry and assess whether an engagement is a suitable fit
  • To conduct and deliver the scope of an agreed engagement
  • To communicate with you during and after an engagement
  • To invoice and process payment for services
  • To improve our website and understand how visitors use it
  • To comply with our legal and regulatory obligations

We do not use personal data for unsolicited marketing, and we do not sell or rent data to third parties.

4. Legal Basis for Processing

  • Consent — where you have actively provided information via a contact form or accepted cookie settings
  • Contractual necessity — where processing is required to fulfil an engagement agreement
  • Legitimate interests — for website analytics and improving our services, where these interests do not override your rights
  • Legal obligation — where applicable Malaysian law requires us to retain or process certain records

5. Data Retention

Enquiry data that does not lead to an engagement is retained for no longer than twelve months from the date of last contact, after which it is deleted.

Engagement-related correspondence and deliverables are retained for seven years from the close of the engagement, as required for business record purposes under Malaysian law.

Website analytics data is retained in aggregate form only and is not associated with identifiable individuals after thirty days.

6. Sharing with Third Parties

We do not share your personal data with third parties for commercial purposes. We may share data in the following limited circumstances:

  • With service providers who process data on our behalf (e.g., email hosting, invoicing software) under appropriate data processing agreements
  • With analytics providers operating under anonymised or aggregated data arrangements
  • Where required by Malaysian law, court order, or regulatory authority

We do not share client engagement details with other clients or with any AI vendors we may have reviewed in the course of an engagement.

7. Cookies

This website uses cookies. Essential cookies are required for the site to function. Optional analytics and preference cookies can be accepted or declined via the cookie banner. For full details, see our Cookie Policy.

8. Data Security

We take reasonable technical and organisational precautions to protect personal data against unauthorised access, loss, or disclosure. These include:

  • HTTPS encryption for all website communications
  • Access controls restricting data to personnel with a legitimate need
  • Password-protected document storage for engagement materials
  • Regular review of our data handling procedures

In the event of a data breach that may affect your rights, we will notify you in accordance with our obligations under PDPA 2010.

9. Your Rights

Under PDPA 2010 and, where applicable, broader data protection principles, you have the following rights:

  • Right to access — to request a copy of personal data we hold about you
  • Right to correction — to request that inaccurate data be corrected
  • Right to withdraw consent — where processing is based on consent
  • Right to object — to processing for certain purposes, including direct marketing
  • Right to erasure — subject to legal retention obligations

To exercise any of these rights, contact us at [email protected]. We will respond within 21 days.

10. Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policy of any external site before providing personal information.

11. Children's Privacy

Our services are directed at organisations and professional decision-makers. We do not knowingly collect personal data from individuals under the age of 18. If such data is brought to our attention, it will be deleted promptly.

12. Changes to This Policy

We may update this policy from time to time. The date at the top of this page reflects the most recent revision. We will notify active clients of material changes by email.

13. Contact

Data controller: Corvex Labs
Address: Suite 22-3, Q Sentral, 2A Jalan Stesen Sentral 2, 50470 Kuala Lumpur, Malaysia
Email: [email protected]

For complaints regarding our handling of personal data, you may also contact the Personal Data Protection Department (JPDP) of Malaysia.